Splunk Enterprise Security
Community Activity
nnimbe1
Hi All, Can we translate our plain English queries to Search Processing Language i.e. SPL, does Splunk provide any f...
by nnimbe1 Path Finder in Splunk Enterprise Security 05-22-2019
0 2
SMWickman
I'm looking to add an input lookup to a tstats Datamodel correlation search within Splunk Enterprise Security to tune...
by SMWickman Explorer in Splunk Enterprise Security 05-21-2019
0 0
pcnitk
We are getting special characters in Splunk raw message which is impacting downstream parsing. Can you suggest ways ...
by pcnitk New Member in Splunk Enterprise Security 05-20-2019
0 1
swright_rl
Hi, I'm trying to make a whitelist for encoded commands which IT Support use and I'm having a problem getting an inp...
by swright_rl Explorer in Splunk Enterprise Security 05-20-2019
0 2
Oracle
Hi Guys, Need help on this... Currently, we have ongoing integration of Splunk forwarder to Deployment Server the is...
by Oracle Explorer in Splunk Enterprise Security 05-19-2019
0 2
richardphung
We are using ES with a datamodel that has the base constraint: (`cim_Malware_indexes`) tag=malware tag=attack ...
by richardphung Communicator in Splunk Enterprise Security 05-18-2019
0 15
singhvishakha29
We need to decide on the best and easy option to collect all kinds of windows event logs
by singhvishakha29 Engager in Splunk Enterprise Security 05-16-2019
0 3
mtmichaelthomas
I have been playing around with creating dashboards and wanted to create one that can count how many tickets have bee...
by mtmichaelthomas New Member in Splunk Enterprise Security 05-16-2019
0 1
gpsvsoc
I'm trying to post a CSV file that I've generated from an outputlookup to a URL. For example http://splunk.test.test2...
by gpsvsoc Engager in Splunk Enterprise Security 05-16-2019
0 0
jarkkokinnunen
Hi, I tried to find out how to exclude tags from tstats search. My search is: | tstats summariesonly=true allow_old...
by jarkkokinnunen New Member in Splunk Enterprise Security 05-16-2019
0 0
marcuspr1
When trying to access Incident Review Settings it just sits there on "Loading". Is there any fix for this? I have Sp...
by marcuspr1 Explorer in Splunk Enterprise Security 05-14-2019
0 4
marcuspr1
When I go to ESS "My Investigations" Section it hangs on Loading. We are at Splunk Enterprise v7.2.3 and Splunk Enter...
by marcuspr1 Explorer in Splunk Enterprise Security 05-14-2019
0 2
edhealea
I have an application file imported to be used as a lookup table in order to set the priority on servers within Asset...
by edhealea Path Finder in Splunk Enterprise Security 05-14-2019
0 2
arorayo
Over ES, any way to monitor Windows accounts assigned with high privilege? I only know of EventID 4672. What all o...
by arorayo New Member in Splunk Enterprise Security 05-13-2019
0 1
john_glasscock
We have multiple people making changes to the content in Splunk Enterprise Security and I need to be able to track do...
by john_glasscock Path Finder in Splunk Enterprise Security 05-13-2019
0 6
Rocky31
I am having trouble creating an index.conf. What could be the issue here? I am not getting it. Check attachment, pleas...
by Rocky31 Path Finder in Splunk Enterprise Security 05-13-2019
0 5
rashid47010
There was one event that occurred yesterday and we have one correlation rule against that. Unfortunately it was not trigge...
by rashid47010 Communicator in Splunk Enterprise Security 05-13-2019
0 1
rashid47010
Dear Experts, I want to achieve below: 1- I want that when I put hostname/server name in asset investigator it shou...
by rashid47010 Communicator in Splunk Enterprise Security 05-13-2019
0 0
SourabhKhampari
We are creating assets inventory using different logs in Splunk. For this purpose, we first created list of “nt_host”...
by SourabhKhampari Engager in Splunk Enterprise Security 05-13-2019
0 0
christianubeda
Hello team, I want to build a new SIEM using Splunk. I hope to receive between 100 and 150 GB of data per day. How...
by christianubeda Path Finder in Splunk Enterprise Security 05-13-2019
0 8
satyaallaparthi
I upgraded my Splunk ES v5.2.2 to 5.3. None of the configure options are not working. Options like ES permissio...
by satyaallaparthi Communicator in Splunk Enterprise Security 05-13-2019
0 6
hellosplunkit
Hi Splunkers, I followed the example of "adaptive response action" in this website https://dev.splunk.com/view/ente...
by hellosplunkit Loves-to-Learn in Splunk Enterprise Security 05-12-2019
0 1
djkj957
When nesting two commands using join, how can I verify if the Join command is returning the value of the field. [co...
by djkj957 Engager in Splunk Enterprise Security 05-10-2019
0 2
johnde
I am trying to find the domain that came in the logs but were faked to look similar for our domain. So if my domain i...
by johnde New Member in Splunk Enterprise Security 05-10-2019
0 3
mikesangray
I'm setting up a fresh install of Splunk Enterprise Security 4 and have a question about the deployment client requir...
by mikesangray Path Finder in Splunk Enterprise Security 05-09-2019
3 2